Computer Security  13
CS502 Spring 2006
ACLs vs. Capabilities
• Focus on resources – the Access Control List
– Good if resources greatly outnumber users
– Can be implemented so that minimal information caching is needed
– Good when the user who creates a resource has authority over it
• Focus on users – the Capability System
– Good if users greatly outnumber resources
– Lots of information caching is needed
– Good when a system manager has control over all resources
The issue is one of HOW we view the problem, WHERE the control information is stored, and WHEN the tests and changes are made.

Tests for rights need to be delayed to the last minute…

Therefore, the time frame to think about is Run-Time.

STEP BACK: Storage for access control information is theoretically independent of EITHER of the objects, but run-time efficiency suggests an answer...
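
Added example (not part of the original slides): the same access control information stored both ways, per resource as ACLs and per user as capability lists, with the rights test made at run time. The matrix contents and all function names are constructed for illustration; the revocation helper goes slightly beyond the slide to show how a change costs differently in each layout.

```python
from collections import defaultdict

# Constructed sample access matrix: (user, resource) -> rights.
MATRIX = {
    ("alice", "report.txt"): {"read", "write"},
    ("bob", "report.txt"): {"read"},
    ("alice", "printer"): {"print"},
    ("carol", "printer"): {"print"},
}

def build_acls(matrix):
    """Focus on resources: each resource stores its own user -> rights list."""
    acls = defaultdict(dict)
    for (user, resource), rights in matrix.items():
        acls[resource][user] = set(rights)
    return acls

def build_capabilities(matrix):
    """Focus on users: each user holds resource -> rights tickets."""
    caps = defaultdict(dict)
    for (user, resource), rights in matrix.items():
        caps[user][resource] = set(rights)
    return caps

def acl_check(acls, user, resource, right):
    """Run-time test: find the resource's list, then look the user up in it."""
    return right in acls.get(resource, {}).get(user, set())

def cap_check(caps, user, resource, right):
    """Run-time test: find the user's tickets, then look the resource up."""
    return right in caps.get(user, {}).get(resource, set())

def revoke_resource(acls, caps, resource):
    """Remove all access to one resource; return (ACL lists, capability lists) changed."""
    acl_changed = 1 if acls.pop(resource, None) is not None else 0
    cap_changed = 0
    for held in caps.values():  # every user's list has to be visited
        if held.pop(resource, None) is not None:
            cap_changed += 1
    return acl_changed, cap_changed

if __name__ == "__main__":
    acls, caps = build_acls(MATRIX), build_capabilities(MATRIX)
    print(acl_check(acls, "bob", "report.txt", "write"),
          cap_check(caps, "bob", "report.txt", "write"))
    print(revoke_resource(acls, caps, "printer"))
```

Both checks answer identically for every request because they read the same matrix; only where the information lives, and therefore what a change has to touch, differs.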